CVE-2013-5977

N/A Unknown

Published: November 01, 2013 Modified: April 29, 2026

Description

Cross-site request forgery (CSRF) vulnerability in Cart66Product.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allows remote attackers to hijack the authentication of administrators for requests that (1) create or modify products or conduct cross-site scripting (XSS) attacks via the (2) Product name or (3) Price description field in a product save action via a request to wp-admin/admin.php.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/bugtraq/2013-10/0048.html

Source: cve@mitre.org

Exploit

http://blog.noobroot.com/#%21/2013/10/0-day-wordpress-cart66-plugin-15114.html

Source: cve@mitre.org

http://osvdb.org/98352

Source: cve@mitre.org

http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Source: cve@mitre.org

Exploit

http://seclists.org/bugtraq/2013/Oct/52

Source: cve@mitre.org

Exploit

http://secunia.com/advisories/55265

Source: cve@mitre.org

Vendor Advisory

http://wordpress.org/plugins/cart66-lite/changelog/

Source: cve@mitre.org

http://www.exploit-db.com/exploits/28959

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/bid/62975

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/87874

Source: cve@mitre.org

http://archives.neohapsis.com/archives/bugtraq/2013-10/0048.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://blog.noobroot.com/#%21/2013/10/0-day-wordpress-cart66-plugin-15114.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/98352

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/123587/WordPress-Cart66-1.5.1.14-Cross-Site-Request-Forgery-Cross-Site-Scripting.html

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://seclists.org/bugtraq/2013/Oct/52

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://secunia.com/advisories/55265

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://wordpress.org/plugins/cart66-lite/changelog/

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.exploit-db.com/exploits/28959

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://www.securityfocus.com/bid/62975

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/87874

Source: af854a3a-2127-422b-91ae-364da2661108

20 reference(s) from NVD

Quick Stats

CVSS v3 Score

N/A / 10.0

EPSS (Exploit Probability)

0.6%

69th percentile

Exploitation Status

Not in CISA KEV

Weaknesses (CWE)

CWE-352

Affected Vendors

cart66

Related CVEs

CVE-2026-8108 7.8

CVE-2026-5371 7.1

CVE-2026-44548 8.1

CVE-2026-44547 9.6

CVE-2026-44352 N/A